Wednesday, March 25, 2015

According to Ian Parker of The New Yorker, "Apple has made missteps, but the company’s great design secret may be avoiding insult." It seems curious that they are able to avoid criticism and instead create a "reality distortion field," in a way that so few other companies have been able to.

Some might explain this fear away as standard corporate procedure. Developers in relationships with Apple are argued to have been required to sign NDAs in order to test prerelease software. Indeed, some developers felt pressure to take down blog posts critical of iOS 7 because they did not want to go against their contractual obligation to secrecy. On the other hand, there are plenty of public screenshots and walkthroughs available during any of Apple's releases and journalists and public commentators have made hardly a squeak when it comes to criticism of Apple, particularly relating to design. Non-disclosure agreements cannot be the explanation.

James Allworth, a former Strategist for Apple currently with the Harvard Business Review who partners on the Stratechery Podcast with Ben Thompson, sheds light on how Apple has gone about avoiding insult, and it has been anything but a passive strategy. He explains: "I'm generally pro-Apple. I love what they do, I'm completely invested in their ecosystem, I loved working there previously."

You are surely noticing a pattern here where would-be critics are preemptively apologizing for admitting publicly that Apple is imperfect. Allworth was brave enough to continue at this point: "at the same time, it [Apple] shouldn’t be above criticism. But anytime you think about wanting to write something like this [anything critical] you just pause before pulling the trigger."

In his days at Apple, Allworth recalls having been a member of a mailing list led by Apple's Chief Evangelist at the time, Guy Kawasaki. It was on this mailing list that a brigade of devout Apple employees and fanatics would go about promoting Apple's interests by destroying the opposition. Allworth described what was expected of him when Kawasaki would rouse the mailing list:

I was one of the ones that used to send emails to journalists that said anything other than kind things about Apple. Like they used to post negative articles about Apple and a whole horde of Apple proponents would bear down upon this poor unsuspecting soul.

This is why you're a fool to buy into their walled garden. It's like volunteering to live on the wrong side of the Berlin wall. And it's why they're never going to own the game market that they threw away after the Apple II. Android will eventually beat out iOS on all mobile platforms for just that reason; game developers are among the few developers where the users are essentially platform-independent.

Eventually someone is going to figure out what Intel did back in the late 90s and realize that they can dominate the mobile platform with killer game applications across the various game genres. And it's not going to be Apple. Because fApplism.

I think the influence of this sort of thing is exaggerated. Journalists have shown plenty of willingness to ignore angry letters, emails, or phone calls when it suits them to do so. The reason Apple's method works is that the journalists or reviewers are already primed to think of themselves as part of Apple's rabbit-warren, so that criticism from inside the warren makes them fall into line.

Thought experiment: would any of these journalists or reviewers pull an article in the face of a million letters and emails from Christians? Of course not. They'd congratulate themselves on their courage in ignoring "those people."

Many companies do require NDAs for people who test early pre-release software, that's nothing new. But unlike Google or Microsoft, for all those companies' own problems, Apple exercises extensive control of what apps can be released on their platforms. If a developer pisses off Apple, they can remove that developer's product from the market.

I agree Android is - at this point anyway - the way to bet. They have essentially the same model Microsoft had with Windows 3 twenty years ago. Free development kits and more or less unlimited access to the market. In those days, MSFT made billions in profit capturing less than 4% of the total Windows software market. But of course they forgot how to do that, so it's someone else's turn now. If Ballmer hadn't screwed that philosophy up when he took over for Gates, Winphone would be the platform of choice today.

I suppose it isn't really that odd that Google, who is really an advertising company disguised as a tech company and who made their fortune repackaging stuff created by other people, would understand the importance of open ecosystems. But they are probably more evil at heart than any of the other tech giants, and I assume they too will forget as soon as they're in a position to, maybe 10 years down the road.

He did however manage something impressive. A customer base that identifies itself by owning Apple products.

Sales 101. All motivation is based upon a person enhancing a sense of their own importance. Apple managed the not so minor miracle of doing that with own products.

Own Apple and you are more important than other people. You are one of the Elect. You are better than other people who make the same amount of money that you do...just by owning a Mac. And iPad. And an iPhone. Your security is for crap but you are more important.

Eventually someone is going to figure out what Intel did back in the late 90s and realize that they can dominate the mobile platform with killer game applications across the various game genres. And it's not going to be Apple.

It will be the company that develops a safe, portable neural interface. Processing power and memory are not the issue with mobile gaming: it's the user interface. If you're going to carry around a controller or mouse/kb to plug into your phone or tablet, you might as well just bring a gaming laptop too. However, once man-machine interfaces go neural, phones and tablets will be outright replaced by implants. You'll be able to play CoD online in your head... at work.

While my personal devices have been apple for a long time, it's always been because it had the right blend of *nix back end and a supported front end for my use. 2K, XP, Win 7, 8.1, Mint, Suse, Ubuntu, Centos, Fedora, and yes, even Red Hat and Debian (I've been in and out of Linux since the late 90's) have all been part of my home setup. I support Windows, Android, iOS, Macs, and Linux as well.

Fascism has always been in their DNA, but I think it's now with Tim that the reins were taken off. Steve, for all his faults, wanted to build something great, and that put some restraints on both what he was willing to provide, but also on what he could do if he truly wanted it out there for everyone.

With Tim in charge, we are now seeing the Apple watch positioned as an explicit fashion item. I get it - it needs to be fashionable and solid if it's ever going to be more than a geek thing, but there's something not right here that makes me look at other options.

I think this meshes with Tim Cook explicitly tying apple to charities where the company used to treat it as a private thing. Explicitly tying Apple to "diversity" initiatives. Explicitly looking at green solutions, not because it saves costs and is more efficient/effective while also doing some good, but because it "does good" regardless of costs.

For better or worse, in small ways, they're losing their focus on making a product, and thinking more about HOW they make it, and how that makes them look, than what they end up with. And without that focus, all the other worst tendencies of the walled garden attitude are coming more to the fore.

"Anyone who uses anything Google or Microsoft (or multiple other companies, for that matter), and still complains about Apple, is throwing huge rocks while living in a 100% glass house."

It does make a difference if you use security glass or 8 mil security film on your glass. While the walled garden attitude might be bad you want a fence around it to keep pests out. I wonder if there are any copies of the emails sent by the hive to see how bad they are. I like the saying "if Steve Jobs made a car its hood would be welded shut."

My brother in law is an Apple Fan boy. He is also rather technical minded (an ad programmer).

But when ianything is talked about, he is blind. I was drinking with him once, and he admitted that the issue was that Apple is a life choice, and to say anything bad about it is saying you made a poor life choice.

He views buying Apple products the same way he views marrying my sister. Literally.

That is why I don't like Apple. I use Android/Amazon devices now, but will jump to a new platform if I want to. I am not committed to those sets of software. Apple fanboys are.

And it's why they're never going to own the game market that they threw away after the Apple II.

Reminds me of the Apple parody several years ago that tells people why they should buy apple computers: Great games. And you know they are good, because you already played them 3 years earlier on PC.

Well, what I read around dev blogs is that developers LIKE the walled garden, since it lets them make more money by protecting them from piracy. Their version is that Android has this HUGE piracy problem that makes Android versions of their software less profitable.

Meh...EVERYONE has NDAs for access to prerelease software. There's only so much you can say to criticize or praise any prerelease product for this reason. Once it's public you can say whatever you want. Any reviewer who fails to do so honestly because an Apple employee might send an "evangelical" email doesn't deserve to write reviews in the first place.

And it's why they're never going to own the game market that they threw away after the Apple II.

iOS has 18% of mobile market share globally vs. Android's 78%. But iOS has twice the consumer spending and revenue of Android. At this moment in time if you are a mobile app developer you will generally have higher sales and profits in the Apple app store, and you are better off targeting iOS before Android if you have to stage your development and releases.

So right now iOS does own the mobile gaming market.

This has nothing to do with the desktop gaming market or why it never materialized on Mac OS. There is no walled garden on Mac OS yet it remains a 2nd class gaming platform. There is a strict walled garden on iOS yet right now it dominates mobile. You may hate the walled garden or love it, but it's not the deciding factor as far as games are concerned. And it is a minor factor at best in terms of platform market share.

Eventually someone is going to figure out what Intel did back in the late 90s and realize that they can dominate the mobile platform with killer game applications across the various game genres.

Eventually? This started in 2007/8. There are a ton of killer games in the mobile space right now. In fact the problem with the mobile space is that there are far too many high caliber apps and games. To compete...to even get noticed...you must have something very unique. Or you must have a large pool of resources to draw upon.

The trends there would be more interesting to know. Apple had quite the head start. Are they that far ahead permanently or are they on the decline?

I remember being in a small meeting with developers at an early GDC where an Apple Evangelist was seeking game designer input for Apple. The desire of most was easier use of the GPU for processing tasks IIRC.

I do not think much ultimately came of this session though. I don't think Apple itself cared much about it even a year later.

That's because those apps are scams. If you have not jail broken your iPhone and you do not load enterprise provisioned apps then there is really no way for a virus to spread to your device. A Trojan might temporarily slip through the app review process, but once it's discovered it's gone. (And by gone I mean the credentials are revoked and it stops running everywhere.) The only viable line of attack is via a hole in a networked app such as Safari, but in iOS those are heavily sandboxed.

You don't need a virus scanner when every piece of code on the system is digitally signed and nothing with an invalid or revoked signature is allowed to run.

No system is 100% secure. But any successful, wide spread attack on iOS would have to be at a level below a simple virus scanner. And it would require a response from Apple themselves.

The "walled garden" raises issues to be sure, but this is the #1 advantage. I would not accept a walled garden on my desktop (and Mac OS has no such thing). But on most people's phones it's likely a good thing.

If you have jailbroken your iPhone you are wide open to malware. But in that case you can run whatever AV product you think is legit.

Apple Pay is a separate issue entirely, and you have to be a fool to use version 1.0 of something like that. (Then again, given the level of credit and debit card crime, perhaps we're all fools for not using cash 100% of the time.)

The trends there would be more interesting to know. Apple had quite the head start. Are they that far ahead permanently or are they on the decline?

Right now Android devices dominate Asia, but the average Android user there has a very limited income. In the U.S. the platform market share is more evenly split and U.S. consumers have a ton of disposable income for $1-$10 apps. iOS users anywhere tend to spend more money on apps than Android users, though that may simply be an artifact of the average income bracket of an iOS user.

Android is gaining and I believe some day they will have higher app sales and revenue. But barring some radical misstep on Apple's part...or some technological shift that knocks both out...I imagine iOS will always be a strong player in the mobile market.

I remember being in a small meeting with developers at an early GDC where an Apple Evangelist was seeking game designer input for Apple. The desire of most was easier use of the GPU for processing tasks IIRC.

I do not think much ultimately came of this session though. I don't think Apple itself cared much about it even a year later.

iOS or OS X? OS X supports GPU processing via OpenCL and GCD. But I don't know if this ever made it to iOS.

I have been an apple user pretty much my whole life. All of my home computers and devices are apple. I won't say that apple is better than a windows/android because it's not true. Both systems have advantages and disadvantages. I am not a power user, I am not a programmer or meddler in the eldritch workings of the black arts of computer science. I like having something that works, more often than not, with little to no input from me.

All that being said I also understand that all the money I've put into my iPhone apps, books, and movies could be taken from me at any point in time. That's a risk that one takes in this digital age where we hold no physical representation of what we buy. The same goes true for any digital games I buy on xbox, steam, or playstation.

I'm not an apple evangelist, I just like having something that works without me having to futz with it. Just my two cents.

I've thought about this as I've started using Apple as an example to make business owners cognizant of the power of tax strategy. So far no problemo. But I think this is just complimentary of Apple. http://www.elliscpa.us/apples-tax-strategy/

On Nov. 6, 2012, the night of Mr. Obama’s re-election, Mr. Schmidt was personally overseeing a voter-turnout software system for Mr. Obama. A few weeks later, Ms. Shelton and a senior antitrust lawyer at Google went to the White House to meet with one of Mr. Obama’s technology advisers.

By the end of the month, the FTC had decided not to file an antitrust lawsuit against the company, according to the agency’s internal emails.

It is unusual for White House aides to talk with officials at a company or agency about law-enforcement matters involving the company or agency. Officials in the Justice Department’s Antitrust Division typically don’t meet with the White House during major investigations.

I get that the freedom to run code you want is important, but I don't want to run that might hurt my computer unknowingly. I'm lazy, I have enough intelligence to figure out how to use a computer at a high level, but I don't want to. That is why I use apple products.

I don't think apple is as bad as people here are making them out to be. They provide a service/product that some people prefer. If you don't like it then just avoid apple.

From 2007 - 2011, the iPhone was the king of smartphones, but it was dethroned when Ice Cream Sandwich came out.

Now Android is the clearly better mobile platform, with a better choice of devices, better UI (unless you're a fan of the one-button Apple interface - I think it's horrible), much better customisation options even if you don't root, and at a much lower price point.

The only advantages Apple has are faster rollouts of OS updates and brand recognition.

The red herring was your initial "digital tyranny" comment. YIH cited Apple's rejection of AV apps for iOS as a negative. I pointed out that because of the way digital signatures work on iOS the AV apps were useless and therefore scams. You replied that such a system was "digital tyranny." That such a system could be abused to do things you might label "digital tyranny" was beside the point.

The NSA comment was meant to put the potential for abuse by Apple in perspective. Look up the dictionary definitions of "tyranny." Apple is not a government (most definitions), and is simply not capable of engaging in "cruel" treatment of others (non-gov def) via the power they have over iOS. So strictly speaking your reply was both a red herring and untrue.

The worst thing Apple can do is tell you that you cannot run a certain app. In which case you can sell your iPhone and buy an Android. Now you may consider that a good thing (security), or a bad thing (freedom of choice). In reality it's a little of both, and each consumer must decide what balance they want. But it simply does not rise to the level of "tyranny."

If people care about digital freedom and the ability to run the code of their choice, they should stay away from Apple.

Staying away from Apple has practically no ramifications as far as those issues are concerned. You should stay away from iOS if there are apps on Android (or Windows or Blackberry) that you cannot obtain on iOS.

I've been using my 1st iPhone for 6 months after having been on Android for 5/6 years (I still have Android as a personal device)

Apple's usability is not as good as Android on basic fundamentals on things such as:

-Keyboard typing (exacerbates the issue of unlocking a corporate device)

-Speech to text

-Sending a text from a missed call

-Having no central location of a "back button" (this is ultimately the worst UI feature ever)

-Creating a calendar event (I like to choose the time before I name the event or location.....not being able to bounce around is NOT a feature, it is a flaw)

Android is constantly releasing new, easy to use features. There is more than 1 way to go about doing things, which is handy.

At least I have tried it. Although I was a little miffed when I found out after the fact that I could have gotten a Samsung for a corporate device.

I understand why large corporations leverage Apple. Having all devices be the same makes sense for those who are centrally managing/supporting said device.

But, Apple is not the only game in town anymore. The last 2 device launches were comical in their build up. As they kept oohing & ahhing about new features......many tech guys that I know were laughing that competitors have had those features for years. Plus, they only compared their devices to their previous devices......no mention of the actual competition.

That's because those apps are scams. If you have not jail broken your iPhone and you do not load enterprise provisioned apps then there is really no way for a virus to spread to your device.

My aren't you naive. I will bet some way comes out to infect an existing app, using Apple's own core system functions, in the near future. We may have had several already, but I am not up on the iOS security arena.

It is very naive to only think that infected apps can infect a system. Kind of like the king of Babylon having a party the night he was being invaded by the king of Persia. He failed to notice the other "holes" into his capital city.

The same is true of Apple's garden. They may be harder to crack, but harder doesn't mean impossible. I would bet organizations such as the NSA already have ways to do that, outside whatever they got Apple to put in for them.

iOS or OS X? OS X supports GPU processing via OpenCL and GCD. But I don't know if this ever made it to iOS.

This was before either. Probably System 7 or 8, though it has been long enough I forget what it was called. GDC stands for the Game Designer's Conference that Vox writes about. This was before the corporate buyout when it was run by some volunteer board.

I get that the freedom to run code you want is important, but I don't want to run that might hurt my computer unknowingly. I'm lazy, I have enough intelligence to figure out how to use a computer at a high level, but I don't want to. That is why I use apple products.

You are giving it up for a false sense of security. You will likely lose the freedom and security you think you have at some point in the future. A big attack will eventually come for them, when is just the question. They have too much value there for attackers.

Darn comment got ate by my phone.... Well I'll try to summarize. I get that people love or hate Apple a lot, but there are some people who use Apple products that are not Apple evangelists. Use what you want and what works for you. I use Apple knowing that sometime down the line something bad might happen, but so does everyone in the world with all you do in life. Good bad or indifferent I like Apple products, they do what I want when I want it more often than not.

Brad Andrews March 25, 2015 6:32 PM - I will bet some way comes out to infect an existing app, using Apple's own core system functions, in the near future.

If you infect (i.e. modify) an app the signature is no longer valid and iOS will not execute the code. A wide spread attack would involve cracking the encryption, or finding a way to modify the OS so it executes whatever you want. Either would be very difficult and neither is likely.

A true virus is pretty much a dead end because you can't deliver it to the system in the first place. A Trojan would have to exploit a previously unknown hole to gain the ability to write over portions of the OS, yet simultaneously pass the app store analysis tool. Taking control over a network app isn't all that hard...a lot of iOS patches are to cover such things...but breaking out of the sandbox is very hard.

The most likely vector would be malicious code embedded in the manufacturing process. I honestly don't know what Apple has in place to detect and deal with such an attack. That would be my greatest concern given our level of off shoring to China. But that's a concern with everything, even military hardware.

I've explicitly said nothing is 100% secure. But good luck mounting a widespread malware attack against iOS unless you are on the inside and plan very carefully. If you succeed it will be via a path that renders AV scanners useless. Once again, the apps Apple removed were at best useless and at worst scams.

I would bet organizations such as the NSA already have ways to do that, outside whatever they got Apple to put in for them.

If the NSA gains physical access to your device then all bets are off. Likewise, iOS devices running enterprise provisioned apps are open to attacks through those apps which are not subject to review. But I doubt even the NSA can distribute malware to iOS devices they do not have physical access to.

As for Apple giving the NSA back doors, the NSA and FBI are complaining about iOS encryption precisely because if it's set up right Apple cannot help them decrypt. FedGov can issue all the warrants and national security letters they want, Apple simply doesn't have the ability to comply. I have no idea if this will change in the future, but right now that's the case.

James Dixon March 25, 2015 7:41 PM - Not hardly. You're no more open than you are on any system where you can choose what software to install. Like, say, OSX.

First, the fact that iOS can be jail broken is a huge problem, because jail breaking is a buffer overflow attack. Yes, this means that iOS is vulnerable to buffer overflow attacks.

Second, apps all seem to run some kind of client/server software on them. That's the vector from where an attack will most likely come. An app developer with poor security in their web server will get hacked and upload something into your iphone.

Third, security seems to be built off of a 4 digit password. A 4-digit password with characters 0-9 is trivially easy to crack. That is a very small rainbow table.

Fourth, NSA will simply hack the computer on which itunes sits and which automatically syncs with the iphone and creates a backup.

You really need to meet some better hackers if you don't think a program can be modified without altering its signature.

Really? How? Signatures work because they're pretty robust, as I understand it. I'm not aware of any hacks that have accomplished this.

Third, security seems to be built off of a 4 digit password. A 4-digit password with characters 0-9 is trivially easy to crack. That is a very small rainbow table.

I don't know how the PIN internals work on iOS, but I'm pretty sure they don't work in the way you're suggesting.

Android and iOS keep battling it out, but I still miss the Blackberry. Some of their software was crap--the browser was especially bad--but if you did a lot of text-based communication, it was top tits.

"As for Apple giving the NSA back doors, the NSA and FBI are complaining about iOS encryption precisely because if it's set up right Apple cannot help them decrypt. FedGov can issue all the warrants and national security letters they want, Apple simply doesn't have the ability to comply. I have no idea if this will change in the future, but right now that's the case."

This may be true and it may not. Given the track records of the parties involved and the increasingly thuggish tactics used to force tech companies to provide backdoor access, I don't believe a word of it.

> If you infect (i.e. modify) an app the signature is no longer valid and iOS will not execute the code.

I see Jack beat me to it. :(

> Really? How? Signatures work because they're pretty robust, as I understand it.

The signature has to use some type of mathematical process on the file to verify its integrity. Once you know the process and the final result, it's comparatively easy to reverse the process and determine what changes you need to make to keep the final result the same. Unless the process is a secret, in which case your security can't be verified, there's no way to make it impossible. You're not trying to decrypt the original, you're trying to create a conflict. That's a much easier process.

I realize the thread is practically done, but I'll go ahead and post since I haven't seen it since the 25th...

map March 26, 2015 1:26 AM - First, the fact that iOS can be jail broken is a huge problem, because jail breaking is a buffer overflow attack.

Jail breaking requires physical access to initially load a kernel patch. (I believe there was one over-the-network jailbreak that was quickly fixed.) As I said above in regard to the NSA, if a criminal gains physical access to your phone all bets are off. But you cannot deploy a widespread attack by physically accessing everyone's phone.

Some patches, once loaded, have exploited buffer overflow vulnerabilities in patching the kernel. But they had to be physically loaded to do so. The code being exploited was not exposed to, say, the network or a sandboxed app.

Second, apps all seem to run some kind of client/server software on them. That's the vector from where an attack will most likely come. An app developer with poor security in their web server will get hacked and upload something into your iphone.

Discussed above. It's not difficult to find and exploit a hole in a networked app given the massive number of networked apps in existence. This has been done. It is very difficult to break out of the sandbox and compromise the system as a whole.

Third, security seems to be built off of a 4 digit password. A 4-digit password with characters 0-9 is trivially easy to crack. That is a very small rainbow table.

The end user screen pass code is simply not related to overall system security in the manner you believe.

Fourth, NSA will simply hack the computer on which itunes sits and which automatically syncs with the iphone and creates a backup.

That's a possible vector for anyone if the goal is to simply gain access to an unencrypted iOS backup. Though that's somewhat different from distribution of a virus or Trojan which compromises actual phones.

James Dixon March 26, 2015 8:00 AM You're not trying to decrypt the original, you're trying to create a conflict. That's a much easier process.

It is by no means an easy process, and in many cases is not feasible at all.

But let's say you manage to modify an app to do what you want and yet still match its preexisting signature.

* How do you get it on a lot of phones when phones that are not jail broken get their apps exclusively from Apple's servers?

* How do you compromise the system as a whole with your zombie app when every single app is sandboxed?

I'll say it over and over: iOS is not 100% secure and there is no guarantee it will not experience a widespread attack in the future. Perhaps even by one of the paths which I am claiming are difficult.

But the "walled garden" presents a large number of barriers which must be successfully navigated to compromise the system. The walled garden has cons, but that is clearly a pro for many (not all) users.
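
The disagreement in the comments above over whether a modified app can be made to match its existing signature comes down to the cost of a second-preimage search on the digest the signature covers. The following is an added example, not code from the post or from any commenter. It assumes the signature is computed over a SHA-256 digest of the file (the thread does not say which hash iOS uses), uses constructed byte strings as the "app", and truncates the digest so the search finishes on a laptop.

```python
import hashlib

# Constructed sample data: stand-ins for an original and a tampered app binary.
ORIGINAL = b"constructed app binary v1.0: show_ui()"
TAMPERED = b"constructed app binary v1.0: show_ui(); extra()"


def truncated_digest(data: bytes, bits: int) -> int:
    """Return the first `bits` bits (1..256) of SHA-256(data) as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def verify(data: bytes, signed_digest: int, bits: int) -> bool:
    """Model of the integrity check: recompute the digest and compare it
    with the value the signature covers (assumption: signature = digest)."""
    return truncated_digest(data, bits) == signed_digest


def find_second_preimage(original: bytes, tampered: bytes, bits: int,
                         max_tries: int):
    """Append an 8-byte counter to `tampered` until its truncated digest
    equals that of `original`. Returns (forged_bytes, tries) or None."""
    target = truncated_digest(original, bits)
    for tries in range(1, max_tries + 1):
        candidate = tampered + tries.to_bytes(8, "big")
        if truncated_digest(candidate, bits) == target:
            return candidate, tries
    return None


def years_to_search(bits: int, hashes_per_second: float) -> float:
    """Expected years to try 2**bits candidates at the given hash rate."""
    return (2 ** bits) / hashes_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # A one-byte change already fails the full 256-bit check.
    full_sig = truncated_digest(ORIGINAL, 256)
    print("tampered passes full check:", verify(TAMPERED, full_sig, 256))

    # The search succeeds only because the digest is artificially short;
    # the work roughly doubles with every extra bit.
    for bits in (8, 12, 16, 20):
        result = find_second_preimage(ORIGINAL, TAMPERED, bits, 50_000_000)
        tries = result[1] if result else None
        print(f"{bits:>3}-bit digest: match after {tries} tries "
              f"(expected about {2 ** bits})")

    # Extrapolation to the untruncated digest at an assumed 10^12 hashes/s.
    print(f"256-bit digest: about {years_to_search(256, 1e12):.1e} years")
```

A forged file that matches a 12-bit or 20-bit prefix still fails the full 256-bit comparison, which is the check that matters when the digest is not truncated.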
